amitmiran137 commented on pull request #13773: URL: https://github.com/apache/superset/pull/13773#issuecomment-812352096
Adding another important statement here about the final JWT lifecycle: 1. The jwt will be consumed from the dashboard frontend component by calling dashboard API and one of the properties inside will be the extra_jwt ( similar to fetching it from the bootstrap data RIP 😜) 2. the jwt is then passed on every chart data request within the form data back to the backend 3. upon raise_for_access existing validation in addition to permission of dataset/schema The jwt is being parsed and questioned either a dataset permission exist within P.S in any other chart data API call no jwt will exist therfore only dataset/schema permission mechanism applies -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
